Secureworks has published an analysis of a (the?) central control server of the SpamThru trojan. Besides the fact that I would dearly love to learn more about how Spamhaus managed to identify the control server, the analysis provides proof of things we could previously only speculate about:
- Spammers have managed to increase the quality of their address lists. While I have observed this myself, e.g. through the decreasing number of invalid recipients, Secureworks' analysis proves that some address lists were stolen from insecure web servers (by simply copying complete database dumps).
- The botnet had (has?) a size of about 73,000 computers. Even on cautious assumptions, a botnet of that size can send out messages on the order of 10^9 per day ("billions" for Americans, "milliards" for the rest of the world).
- Most infected machines suffer from multiple diseases, from poor patching and update cycles (only half are on a more or less up-to-date Windows release) to other malware already being present.
Are you sure that your Windows machine is not part of the botnet?
SecureWorks has written an interesting analysis of the SpamThru botnet (known from the current stock spam campaign). The key points: controlled by a control server; P2P communication between the bots: if the control server ...
Tracked: Dec 19, 18:25